IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Since we can build --bootable=no images without dracut->systemd, we need
to add systemd runtime dependencies explicitely.
(cherry picked from commit f2bb8857cd093eb9bd5e1dad6fb996a0a4463556)
(cherry picked from commit 731a4d9cd6bf471d22b6ac637e49dcd477a92ac6)
(cherry picked from commit 10e68a0f6526582874ee7ff73f5031c05c9709de)
(cherry picked from commit c7ac817ca615eca391248110f1d0979ce841f87f)
It makes it easier to diagnose what the generated units actually do.
(cherry picked from commit d53285d551d883bb9f097eca0942e8c585e33470)
(cherry picked from commit 3cd5be0e2952548aea9b1cda7985e5bc1b65f4e2)
(cherry picked from commit 4c3ebc38473c0a7f13fff8cbeae9b417ec029c1d)
(cherry picked from commit bc48d3cf6343810177821c189c33bbcc48a52b07)
In general our commands print help on --help, but here this would trigger
the error that two arguments are needed. Let's make this more user-friendly.
(cherry picked from commit 5d5e43cc33637a12f743f17294cfbd3ede08a1b3)
(cherry picked from commit 8d9471cbca46115e6411b78abc5bc67390940cf1)
(cherry picked from commit e5c504c67c96f71dfdaa11f5ddbfa7cae21ce810)
(cherry picked from commit d12059e10ba46e1647292d753056a3da83181f9f)
* `<sys/poll.h>` is not specified in POSIX
(cherry picked from commit 2b6c0bb2a341c95223ce672249e43c743b03d78c)
(cherry picked from commit c15fc774d59c486adb81c7eb07fe58b2b3db86da)
(cherry picked from commit 5c16e92fbcda5335037ba12a773c6c65f71f235c)
(cherry picked from commit 22426505b15b1c1869c1252922d181e537b33ca8)
* `<sys/fcntl.h>` is not specified in POSIX
(cherry picked from commit f8d54f7810aeea5ff27a5db03e1aab7ea54c8268)
(cherry picked from commit d57080b6229b45802fed997bd53add0df4c7ec00)
(cherry picked from commit 4337053b230b6a0f00a5623d1129d5dcf4a178bd)
(cherry picked from commit 126aa3cfe5be570213bcbf699d9573cd34c5bff7)
See: https://github.com/systemd/systemd/pull/20191#issuecomment-881982739
In general, we shouldn't blanket move syscalls like this into @default,
given that glibc actually does have fallbacks, afaics. However, as
long as the syscalls are "read-only" and thus benign, I figure it's a
safe thing to do. But we should probably stick to a "if in doubt, don't"
rule, and put these syscalls in @system-service as default, but not into
@default.
I think in the real world @system-service is the sensible group people
should use, and not @default actually.
(cherry picked from commit 7df660e45682af5c40a236abe1bdc5ddcf3b3533)
(cherry picked from commit ee8564940b527cef6e643e6e41b6f0b5df375a37)
(cherry picked from commit bcdefe2ad3a047fc51a2eb3e559c43c4ccb89957)
(cherry picked from commit db4a3e9b5a668ba20a7424902f11da8b95f2a557)
It's included in @default now, since
14f4b1b568907350d023d1429c1aa4aaa8925f22, and since @system-service
pulls that in we can drop it from @system-service.
Follow-up for #20191
(cherry picked from commit 67347f37407489a68e12da8f75b78ae1d1168de9)
(cherry picked from commit 3eb4dc295ae9b853450e4823c8be7dbf8ccdbd43)
(cherry picked from commit cb09a479dedf84c7e9a43c976066557de943fabe)
(cherry picked from commit 425fc95880723ba3402b54b6610bf267004df955)
This header provides definitions for NET_NAME_UNKNOWN ånd NET_NAME_ENUM
Fixes build issue found with non-glibc systems
../git/src/network/networkd-link.c:1203:52: error: 'NET_NAME_UNKNOWN' undeclared (first use in this function)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 2a0d07d6a0d5be63c6c10cb0789412f584858ec1)
(cherry picked from commit 369b2066e93e9a11fdfd3eb6fc7402ecd55fc7bd)
(cherry picked from commit 18e0b662ef9ea1e5f3d8c00a917b65af2d405de3)
(cherry picked from commit 5898d09e9b4d1c9034fa7e4fb88758ac141a7aea)
(cherry picked from commit d2e84b601805ae89cf8cb1b383b30c7c97cac73d)
(cherry picked from commit 595d9965bb07c1f96e159d5be31504972c9d0754)
(cherry picked from commit aac6524cfdbd37878d2bad85f1c1b01a4ab04c64)
(cherry picked from commit 151c217ef207df1455c6b36e234356ec9767fc5c)
glibc master uses getrandom in malloc since https://sourceware.org/git/?p=glibc.git;a=commit;h=fc859c304898a5ec72e0ba5269ed136ed0ea10e1 , getrandom should be in the default set so to avoid all non trivial programs to fallback to a PRNG.
(cherry picked from commit 14f4b1b568907350d023d1429c1aa4aaa8925f22)
(cherry picked from commit 1253d18af7449814bc882506b0fe3770311b3bc0)
(cherry picked from commit 38b7f010293a300a9ae4aa607c155ae916cdc828)
(cherry picked from commit dc4550714061658daea5a11bfe7820f1a2c53630)
The path may have unbounded length, for example through a fuse mount.
CVE-2021-33910: attacked controlled alloca() leads to crash in systemd and
ultimately a kernel panic. Systemd parses the content of /proc/self/mountinfo
and each mountpoint is passed to mount_setup_unit(), which calls
unit_name_path_escape() underneath. A local attacker who is able to mount a
filesystem with a very long path can crash systemd and the whole system.
https://bugzilla.redhat.com/show_bug.cgi?id=1970887
The resulting string length is bounded by UNIT_NAME_MAX, which is 256. But we
can't easily check the length after simplification before doing the
simplification, which in turns uses a copy of the string we can write to.
So we can't reject paths that are too long before doing the duplication.
Hence the most obvious solution is to switch back to strdup(), as before
7410616cd9dbbec97cf98d75324da5cda2b2f7a2.
(cherry picked from commit 441e0115646d54f080e5c3bb0ba477c892861ab9)
(cherry picked from commit 764b74113e36ac5219a4b82a05f311b5a92136ce)
(cherry picked from commit 4a1c5f34bd3e1daed4490e9d97918e504d19733b)
(cherry picked from commit b00674347337b7531c92fdb65590ab253bb57538)
(cherry picked from commit 3f49d1faf59acaa85aa5ad502c39b1a601d58d26)
(cherry picked from commit b511a441f3277750e68a14d8d7e6649c4f182b86)
(cherry picked from commit cb5564aea24d6d92716bdd0c06d1a2d7b91a1c71)
(cherry picked from commit 55f79382622187834113dcbce9166b778da3d62c)
(cherry picked from commit 6dc57047ff0f1f9e98938ffb172dae06e6868b94)
(cherry picked from commit e6407ca25852dadec355df2e6fdc92d1f189bceb)
(cherry picked from commit d442b879abac5bcaf7756e53e304fd0ade36d49d)
(cherry picked from commit 4ac578db4afa08ced943cb5095d94992e0ac414c)
Apparently it's an important feature for some folks:
https://utcc.utoronto.ca/\~cks/space/blog/linux/NetworkdMACMatchesWidely.
I think we considered this more of a bugfix, but it's somewhere on the border.
Let's add this it's easier to discover.
(cherry picked from commit 88b2a95064675c5f86648053cf124265f5289095)
(cherry picked from commit 3cb75aecc0a5facf2e057ea56d2334ebd3ee2761)
(cherry picked from commit 3f96f2a741e6f123b9f0a8dffed72eeea45dda78)
It seems that fd_set_perms() is always called after checking that
fd >= 0 (also when called as action() in glob_item_recursively()),
so it seems that the assertion really came from fd==0.
Fixes#20140.
Also three other similar cases are updated.
(cherry picked from commit b4b0f87c6275dde32769c2e75231caa1d4c21f9b)
(cherry picked from commit 1dcecfc50b6c4db3b76b81765403f84c06ecf225)
(cherry picked from commit 5f2d3e45aa156f5fe215c2fd609082423fdd6fc5)
ubifs volumes have a UUID and the built-in blkid is able to determine
it. The disk/by-uuid symlink isn't created because ubifs volumes are
not on block devices but on SUBSYSTEM="ubi" devices. See #20071.
Allow ubi subsystem devices to be processed by the persistent storage
rules too. The kernel device name matching already allows ubi* to pass.
The existing rules are sufficient to create the link.
The links look like other by-uuid symlinks, for example:
/dev/disk/by-uuid/9a136158-585b-4ba4-9b70-cbaf2cf78a1c -> ../../ubi0_1
(cherry picked from commit 21ac7884e9c1684d091d893254bcbe4b83740e9f)
(cherry picked from commit 15bd27b06c67e94541e3376d3d482f4f849f5aff)
(cherry picked from commit 01bd34c18ccb49b536c4d8ce7dac68e4e5893d4d)
This reverts commit 7f1e9c806b6915e8020cf3706dc87e1cd37bc2fa, PR #6750
Apparently the rule change never worked, see #20071.
Fixes#20071
(cherry picked from commit 4b6bc397b454f79006481c1e8507d85c5bfd2e9a)
(cherry picked from commit 7e558b501783757f63b9c93edce43239a5178611)
(cherry picked from commit 897f14bf9d9fe7ab5482bf86a5efc9e2a1e9c831)
Followup for bc989831e6. The original reproducer still works w/o the unref,
and doesn't work with this change.
(cherry picked from commit 13bb1ffb912cacea4041910e38674e0984ac5772)
(cherry picked from commit d82da0f04f6ebe7044f4c33b9067c17c909a8d5d)
(cherry picked from commit c15e100eec24e78bb78d4bd8c0b6ef6bdebc73d4)
[ OK ] Created slice system-getty.slice (Slice /system/getty).
[ OK ] Created slice system-modprobe.slice (Slice /system/modprobe).
[ OK ] Created slice system-sshd\x2dkeygen.slice (Slice /system/sshd-keygen).
[ OK ] Created slice user.slice (User and Session Slice).
Before, the first three slices were shown without any description which didn't
look nice.
(cherry picked from commit 4dd21726f852010aef17e9b952b4bb1646fdf496)
(cherry picked from commit 0b0d80d96009e10ce36d683b7991829a2cfca67c)
(cherry picked from commit 3fa82957117677ec9d858bf86c203be6a39f812c)
The code in service_spawn() was written as if exec_fd_event_source
was always unset. (We would either fail the assertion that is moved in the
patch, or leak the event source object if it was set.)
To make this work, let's always assert that exec_fd_event_source is unset,
and actually unset it service_sigchld_event(). I think this is the most
elegant approach. The problem is that we don't have the same information
about execution flags as in service_spawn(), so we need to conditionalize
on pid==main_pid to know if we should disable exec_fd_event_source.
I think this matches all cases where we may set exec_fd_event_source:
service_enter_start() and service_run_next_main().
service_enter_stop_post() calls service_set_state(), which will also destroy
the source. But that happens too late, because from service_enter_stop_post()
we call service_spawn() first, and then service_set_state() second.
(An alternative approach would be to deallocate the existing
exec_fd_event_source in service_spawn(). But this would mean that we would
temporarily have an event source attached to a process that we already know is
dead, which seems less than ideal.)
Original report from Dimitri John Ledkov <dimitri.ledkov@canonical.com>:
> Ubuntu private bug reference for this issue at the moment is
> https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1921145
> Michael's and Ian's team run into an issue when using systemd in the
> initrd, without dbus daemon running, and launching a unit in a
> particular way that appears to lock up systemd (pid 1) it self.
> michael vogt: "The attached script works for me to reproduce this on
> classic. I tested 20.04 (245) and 21.04 (247) in a qemu VM. Sometimes
> I need to run it multiple times but usually it crashes after at most 2
> runs. Use "journalctl | tail" to see the messages, it's the same that
> Ian reported. There is also a /var/crash/_usr_lib_systemd_systemd
> crash file created."
> I understand that the particular way to run a unit is very odd,
> however, it is currently possible to invoke, and it would be expected
> for pid1 to not lock up and crash.
> The Assertion that systemd hits is along the lines of:
> [ 10.182627] systemd[1]: Assertion 's' failed at
> src/core/service.c:3204, function service_dispatch_exec_io().
> Aborting.
> [ 10.195458] systemd[1]: Caught <ABRT>, dumped core as pid 449.
> [ 10.204446] systemd[1]: Freezing execution.
(cherry picked from commit bc989831e634123c2ff43bcbbeae19097ccc9ff9)
(cherry picked from commit 493c5c7bab9713afcd647dada885bed68b9d3cf3)
(cherry picked from commit 68fcea49fb630fe2475d6fb0220c9330c58e7c36)
This mirrors the change done for systemd-resolved in
97935302283729c9206b84f5e00b1aff0f78ad19. Quoting that patch:
> We generally operate on the assumption that a source is "gone" as soon as we
> unref it. This is generally true because we have the only reference. But if
> something else holds the reference, our unref doesn't really stop the source
> and it could fire again.
In particular, we take temporary references from sd-event code, and when called
from an sd-event callback, we could temporarily see this elevated reference
count. This patch doesn't seem to change anything, but I think it's nicer to do
the same change as in other places and not rely on _unref() immediately
disabling the source.
(cherry picked from commit 5dcadb4c8320f6a7b8a9353404874d43668e4648)
(cherry picked from commit 67782e10f0dd0f2feeb036aa4380fa5c6c55aaea)
(cherry picked from commit 78578b31cd8fc3b6b8d76e5e9820a30cf3dc542a)
dns_resource_record_copy() assumes that NSEC types bitmap is non-empty
which results in a null pointer dereference inside bitmap_copy() in some
cases. Fix this by calling bitmap_copy() conditionally.
(cherry picked from commit 1f00a50c695fe3b55dee38fbd02a902a6c703c87)
(cherry picked from commit fc7be6db131a5062dde76ee7857c2f91e1c402cb)
(cherry picked from commit 3422b16ef9a85ab0a31558a68db67f148961d4a1)
We checked the wrong field, which was always NULL here, so we would always
reject the assignment. We would also print the wrong string in the error
message:
$ sudo systemd-run --socket-property ListenFIFO=/tmp/fifo3 cat
Failed to start transient socket unit: Invalid socket path: FIFO
(cherry picked from commit aeecab3804aae973577f36880af4b7799e4eb7d5)
(cherry picked from commit 78fb13b38572f6649f1e9822ef6acb8ca4952c12)
(cherry picked from commit 7bdc7ff0bb2d1dde1a81b2cbc76e424d1c50b7aa)
Only treat interface names containing dots specially when resolvectl is
pretending to be resolvconf to fix
https://github.com/systemd/systemd/issues/20014 .
Move the special suffix-stripping behaviour of ifname_mangle out to the
new ifname_resolvconf_mangle to be called from resolvconf only.
(cherry picked from commit 7875170f01991a1d28cfe284cc7075630cd69055)
(cherry picked from commit 6ec5680beaa8df4b4b87e9aa614d29561c0e98fe)
(cherry picked from commit 0d18f706a3816464053003b706bb6b2c27de12d1)
(cherry picked from commit 0c651d32d49e66ea0152eea5e65dd19fe01e7a06)
(cherry picked from commit b6811758288fd53266028885d46f5a5f7d8c49a7)
(cherry picked from commit 7ebb0f11eaae93cbf54af40d66a6cab36ba29d72)
(cherry picked from commit 6abd991c718dbc1480ab7e71103a8b3e886bd3a3)
(cherry picked from commit 3dabd7f816fa0465c08745ce76f459c4c2a7c3d5)
(cherry picked from commit 912ae8fa70888747273d7226e9cc9a22c962dd8f)
This makes DHCP client ignore FORCERENEW requests, as unauthenticated
FORCERENEW requests causes a security issue (TALOS-2020-1142, CVE-2020-13529).
Let's re-enable this after RFC3118 (Authentication for DHCP Messages)
and/or RFC6704 (Forcerenew Nonce Authentication) are implemented.
Fixes#16774.
(cherry picked from commit 38e980a6a5a3442c2f48b1f827284388096d8ca5)
(cherry picked from commit 3ec1234d1e3195849088b2a3c70fbdefebeadc35)
(cherry picked from commit f53d610144ca729a7e727fc6d3e86e3a4a2a53ed)
(cherry picked from commit 6a0667d2b6f05682c2ced1b53132274049b9ea5c)
(cherry picked from commit 0aed618942b0bcc5946d15c91f3518fc5024789a)
(cherry picked from commit b9b3d623fc919757d48f89394c0c325355eefde9)
format_timestamp_relative currently returns the plural form of
years and months no matter the quantity, and in many cases (for
durations > 1 week) this is the same with days.
This patch changes this so that the function takes the quantity into account,
returning "1 month 1 week ago" instead of "1 months 1 weeks ago".
(cherry picked from commit 45eb4d2261ed0d943fd503a6d79ee3b7b7558c09)
(cherry picked from commit e74329ce9fa7ccb025960f9b220dff9e556a80e5)
(cherry picked from commit f3f4ace8ea15ada14495a92b24e207769955b1e5)
Cgroups may be unnecessarily realized when they are not needed. This
happens, e.g. for mount units parsed from /proc/$PID/mountinfo, check
touch /run/ns_mount
unshare -n sh -c "mount --bind /proc/self/ns/net /run/ns_mount"
# no cgroup exists
file /sys/fs/cgroup/system.slice/run-ns_mount.mount
systemctl daemon-reload
# the vain cgroup exists
file /sys/fs/cgroup/system.slice/run-ns_mount.mount
. (Such cgroups can account to a large number with many similar mounts.)
The code already accounts for "lazy" realization (see various checks for
Unit.cgroup_realized) but the unit_deserialize() in the reload/reexec
path performs unconditional realization.
Invalidate (and queue) the units for realization only if we know that
they were already realized in the past. This is a safe thing to do even
in the case the reload brings some new cgroup setting (controllers, BPF)
because units that aren't realized will use the updated setting when the
time for their realization comes. (It's not even needed to add a code
comment because the current formulation suggests the changed behavior.)
(cherry picked from commit cc815b7fea0ade5331e8dd22ef6b5183edb77608)
(cherry picked from commit 94f501805db8b272fd2d8d2c4eab0c5291db50e0)
(cherry picked from commit 8712fc5a181d1453840014d765c20c45dbf83b5f)
(cherry picked from commit 9dfb429a44b0c7e4c50f35f888ac8ba3c677a994)
(cherry picked from commit 9f7274055762c8ab31248489e7236c1a51154f62)
(cherry picked from commit 79f50bd61696e41fc45f31996ccafa2d7844cd81)
(cherry picked from commit 3c3335c7146a43137c46acfa18417cca101cb088)
(cherry picked from commit 12600fdc423c0d06906204795230314d5dbfde82)
(cherry picked from commit aed5fb1dc7688bb1cc24d9845140782bcf554ba5)
When suppressing duplicate fields between files we so far tried to reuse
the already known hash value of the data fields between files. This was
fine as long as we used the same hash function everywhere. However,
since addition of the keyed hash feature for journal files this doesn't
work anymore, since the hashes will be different for different files.
Fixes: #19172
(cherry picked from commit 2e1a8a5dab8b5519c079c9bed54fc682aa4095b0)
(cherry picked from commit d804bcadcb448879f31c32363970d9b70b742b9a)
(cherry picked from commit 0f110a75efb789d131ec96cbc4967b7fb1b1d628)
(cherry picked from commit d8671b1c6f036ce270b9631973314e7de24e74b1)
(cherry picked from commit 84e1819ec104a168f7904134b6212669133c955f)
(cherry picked from commit 03af9b1476ff56c67cb84d14927f1ac7b1a534e3)
(cherry picked from commit 34254e599a28529bdb89f91571adeaf7c76d9f43)
(cherry picked from commit daaf9273294f133ab9c970b3172608686de6f86a)
(cherry picked from commit e2950d261dd45fa039ed8f305bf869d65a966cec)
Otherwise, if a socket address is duplicated, then the previous fd is
closed.
Fixes#19843.
(cherry picked from commit 3da0caf5bbf3c8cab716c4d7adf0eb25907dc951)
(cherry picked from commit 11acee8a00f1e04952f86088078041849d8f9819)
(cherry picked from commit 1f5600df9cf5c3dcd4b4ff822e2de916d137e5e2)
(cherry picked from commit d27e6aee5050da17bc9531fb62ac11aba4b15ceb)
(cherry picked from commit 98af14bf53e0aeebf9d88b8f1c202a31ae7bb753)
(cherry picked from commit e8e2c93ed92b6cace68a4fd46bb6d6404a4f1353)
This is currently our only .automount unit. We wouldn't want to trigger it
accidentally during shutdown, so let's stop it too.
(cherry picked from commit dc16846c26287fd2081eb3c4a73487c9b186e2b7)
(cherry picked from commit b1ce5653fac2766c4b4a070fec2126f211d49efa)
(cherry picked from commit 9a8023994ef873dcb2f27ce0a00f7ac9e5248fc2)
We support that tmp.mount being masked, and this should not be considered an
error.
(cherry picked from commit b2c7d1bbc2243a425d9b825859bbd0647eecd050)
(cherry picked from commit 6a3a8c70686ab6da80dd87d0bd816a8c18980b71)
(cherry picked from commit 8d8b959cd418f1f91550c7ff5578bfc5af16dbd0)
With the previous commit, we would not complain about the not-found path, but
the check is still not useful. We use a libc function to resolve the glob, and
it has no notion of treating autofs specially. So we can't avoid touching
autofs when resolving globs. But usually the glob is found in the last
component of the path, so if we strip the glob part, we can still do a useful
check in many cases. (E.g. if /var/tmp is on autofs, something like
"/var/tmp/<glob>" is much more likely than "/var/<glob-that-matches-tmp>/<something>".)
With the system config in F34, we check the following prefixes:
/var/tmp/abrt/* → /var/tmp/abrt/
/run/log/journal/08a5690a2eed47cf92ac0a5d2e3cf6b0/*.journal* → /run/log/journal/08a5690a2eed47cf92ac0a5d2e3cf6b0/
/var/lib/systemd/coredump/.#core*.21e5c6c28c5747e6a4c7c28af9560a3d* → /var/lib/systemd/coredump/
/tmp/podman-run-* → /tmp/
/tmp/systemd-private-21e5c6c28c5747e6a4c7c28af9560a3d-*/tmp → /tmp/
/tmp/systemd-private-21e5c6c28c5747e6a4c7c28af9560a3d-* → /tmp/
/tmp/containers-user-* → /tmp/
/var/tmp/beakerlib-* → /var/tmp/
/var/tmp/dnf*/locks/* → /var/tmp/
/var/tmp/systemd-private-21e5c6c28c5747e6a4c7c28af9560a3d-*/tmp → /var/tmp/
/var/tmp/systemd-private-21e5c6c28c5747e6a4c7c28af9560a3d-* → /var/tmp/
/var/tmp/abrt/* → /var/tmp/abrt/
/var/tmp/beakerlib-* → /var/tmp/
/var/tmp/dnf*/locks/* → /var/tmp/
/tmp/podman-run-* → /tmp/
/tmp/containers-user-* → /tmp/
/tmp/systemd-private-21e5c6c28c5747e6a4c7c28af9560a3d-* → /tmp/
/tmp/systemd-private-21e5c6c28c5747e6a4c7c28af9560a3d-*/tmp → /tmp/
/var/tmp/systemd-private-21e5c6c28c5747e6a4c7c28af9560a3d-* → /var/tmp/
/var/tmp/systemd-private-21e5c6c28c5747e6a4c7c28af9560a3d-*/tmp → /var/tmp/
/var/lib/systemd/coredump/.#core*.21e5c6c28c5747e6a4c7c28af9560a3d* → /var/lib/systemd/coredump/
/run/log/journal/08a5690a2eed47cf92ac0a5d2e3cf6b0/*.journal* → /run/log/journal/08a5690a2eed47cf92ac0a5d2e3cf6b0/
(cherry picked from commit bd6d28f21ad212e141b5e74bd0b7ad517f64a711)
(cherry picked from commit 399a00be3536cb5fbf3f96058c2a88a2a634d466)
(cherry picked from commit 4a78d0a80fe0eaf8bc0d6579ef96bb31e6afaf48)
(cherry picked from commit 1e472a6ce4747a1f10954fb239df73580c8e7411)
(cherry picked from commit 82fcf663cf2cec519185330964c9fdee956047d8)
(cherry picked from commit ae2ff72e34bf21d3d3e70dbfbe585470d18912ed)
